Categories
Networking xISP

Netflix, IPv6, and queuing

While trying to get my PlayStation to download the latest “No Man’s Sky” update quicker, I figured I would share a little Torch action.  This is showing my wife’s iPad talking to Netflix while she is watching a streaming TV show. Keep in mind this is just an iPad, not some 4K TV.

Some things to note as you watch this (no sound):

1. Uncapped, the connection bursts to 50-60+ megs.
2. The slower you queue the connection, the more time it spends downloading data.  At slower queues the bursts last longer.
3. If you are handing out IPv6 to customers, you should be queuing them as well.

Just a quick and dirty thing to keep in mind.

Categories
Bitlomat Cambium Networking UBNT Wireless WISP xISP

Learning, certifications and the xISP

One of the most asked questions which comes up in the xISP world is “How do I learn this stuff?”   Depending on who you ask, this could be a lengthy answer or a simple one-sentence answer.  Before we answer the question, let’s dive into why the answer is complicated.

In many enterprise environments there is usually a pretty standard deployment of networking hardware, typically from a single vendor.  There are many factors involved in why this is.  The first is Total Cost of Ownership (TCO).  It almost always costs less to support one product than to support multiples.  Things like staff training are usually a big factor.  If you are running Cisco, it’s cheaper to train and keep updated on just Cisco rather than Cisco and another vendor.

Another factor involved is economies of scale.  Buying all your gear from a certain vendor allows you to leverage buying power; quantity discounts, in other words.  You can commit to buying product over time or all at once.

So, to answer the question in simple terms: if your network runs Mikrotik, go to a Mikrotik training course.  If you run Ubiquiti, go to a Ubiquiti training class.

Now that the simple question has been answered, let’s move on to the complicated, and typically real-world, answer and scenario.  Many of our xISP clients have gear from several vendors deployed.  They may have several different kinds of wireless systems, a switch solution, a router solution, and different pieces in between.  So where does a person start?

We recommend the following path. You can tweak this a little based on your learning style, skill level, and the gear you want to learn.

1. Start with the Cisco Certified Network Associate (CCNA) certification in Routing and Switching (R&S).  There are a ton of ways to study for this certification: bootcamps (not a huge fan of these for learning), iPhone and Android apps (again, these are more focused on getting the cert), online courses, books, and even YouTube videos. Through the process of studying for this certification, you will learn many things which carry over to any vendor: subnetting, the differences between broadcast and collision domains, and even some IPv6 in the newest tracks.  During the course of studying you will learn, and then reinforce that through practice tests and such.  Don’t necessarily focus on the goal of passing the test; focus on the content of the material.  I used to work with a guy who went into every test with the goal of passing at 100%.  This meant he had to know the material. CompTIA is a side path to the Cisco CCNA.  For reasons explained later, CompTIA Network+ doesn’t necessarily work into my plan, especially when it comes to #3. I would recommend CompTIA if you have never taken a certification test before.

2. Once you have the CCNA under your belt, take a course from the vendor you will be working with the most.  At the end of this article I am going to add links to some of the popular vendor certifications and to 3rd-party folks who teach classes. One of the advantages of a 3rd-party teacher is they are able to apply this to your real-world needs. If you are running Mikrotik, take a class in that. Let the certification be a by-product of that class.

3. Once you have #1 and #2 under your belt, go back to Cisco for their Cisco Certified Design Associate (CCDA). This is a very crucial step that those on a learning path overlook.  Think of your networking knowledge this way: your end goal is to be able to build a house.  Steps one and two have given you general knowledge; you can now use tools and do some basic configuration.  But you can’t build a house without knowing what is involved in designing foundations, what materials you need to use, how to compact the soil, etc.  Network design is no different. These are not things you can read in a manual on how to use the tool.  They also are not tool specific.   Some of the things in the Cisco CCDA will be specific to Cisco, but overall it is a general learning track.  Just follow my philosophy from #1: focus on the material.

Once you have all of this under your belt, look into pulling in pieces of other knowledge. Understanding what is going on is a key to your success.  If you understand what goes on with an IP packet, learning tools like Wireshark will be easier.  As you progress, let things grow organically from this point.  Adding equipment from a new vendor? Update your knowledge or press the new vendor for training options.  Branch out into some other areas, such as security, to add to your overall understanding.

Never stop learning! Visit our online store for links to recommended books and products.

WISP-based training folks
These companies and individuals provide WISP-based training. Some of it is vendor focused, some is not.  My advice is to ask questions and see if they are a fit for your goals.
Connectivity Engineer
Butch Evans
Dennis Burgess
Rickey Frey
Steve Discher
Baltic Networks

Vendor Certification Pages
Ubiquiti
Mikrotik
Cisco
Juniper
CWNA
CompTIA

If you provide training let me know and I will add you to this list.

Categories
Mikrotik WISP xISP

Simple shut-off scripting

I had a client today who is doing some manual things, as they are using QuickBooks for billing and such.  One thing they kind of struggle with is turning off people for non-payment.  Their current method is adding a queue and throttling someone to a low speed to make them call.  Their network is a routed network utilizing DHCP to the CPE at the customer.  Everything is in router mode and they control the addressing of the units via DHCP reservations.  So how do we make this better without adding RADIUS and all kinds of stuff into the network?

First we set up a web proxy:

/ip proxy
set enabled=yes port=8089

/ip proxy access
add dst-host=mtin.net dst-port=80
add dst-host=*.mtin.net dst-port=80
add dst-port=53
add action=deny redirect-to=www.mtin.net

What the above does is say that anyone coming into the proxy is only allowed to go to mtin.net (our domain, used as an example) or use port 53 (DNS); anything else gets redirected to www.mtin.net. We chose port 53 because they are in the process of cleaning up some of the radios and such which are using 8.8.8.8 and other DNS servers.

Next we set up a NAT rule:

/ip firewall nat
add action=redirect chain=dstnat dst-port=80 protocol=tcp src-address-list=SHUTOFF to-ports=8089

This NAT rule says anyone making a port 80 request from our SHUTOFF address list gets redirected to port 8089 (the proxy port set up earlier).

Our third step is to set up our address list. This is very straightforward.  Just add users to this list when they are to be turned off, and remove them when they are paid up.

/ip firewall address-list
add address=10.20.0.192 list=SHUTOFF

Lastly, we add a filter rule which denies the SHUTOFF folks from using anything except port 53 and port 80.  We do this because we can’t proxy port 443 and other SSL traffic; if folks go to an HTTPS site it simply fails.  This is a drawback of using a web proxy.

/ip firewall filter
add action=drop chain=forward dst-port=!53,80 protocol=tcp src-address-list=SHUTOFF

If you have an SSL payment gateway, you can modify your filter rules to allow traffic to it. This is just one quick and dirty way of letting customers know they have been turned off.
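One way to carry out that modification, as an added example that is not part of the original post: it extends the filter step above with an accept rule for an HTTPS payment gateway and replaces the TCP-only drop with a catch-all, so UDP and other protocols from SHUTOFF are dropped as well. The gateway address 203.0.113.10 and the list name PAYGW are placeholders; the SHUTOFF list, proxy and dstnat redirect from the post are assumed to be in place.

```routeros
# Added example, not from the original post. Assumes the SHUTOFF address list,
# the web proxy on 8089 and the dstnat redirect shown above already exist.
# 203.0.113.10 (RFC 5737 documentation range) and the list name PAYGW are
# placeholders; put your real payment gateway address(es) in this list.
/ip firewall address-list
add address=203.0.113.10 list=PAYGW comment="HTTPS payment gateway (placeholder)"

# Rule order matters in the forward chain: the accepts must sit above the
# final drop. Check with "/ip firewall filter print" and, if these rules land
# below an existing drop, reorder with "/ip firewall filter move <id> destination=<id>".
/ip firewall filter
# 1. Shut-off customers may still reach the payment gateway over HTTPS.
add chain=forward action=accept protocol=tcp dst-port=443 dst-address-list=PAYGW src-address-list=SHUTOFF comment="SHUTOFF: allow HTTPS to payment gateway"
# 2. DNS over UDP and TCP, so the redirect page can still be resolved.
add chain=forward action=accept protocol=udp dst-port=53 src-address-list=SHUTOFF comment="SHUTOFF: allow DNS/udp"
add chain=forward action=accept protocol=tcp dst-port=53 src-address-list=SHUTOFF comment="SHUTOFF: allow DNS/tcp"
# 3. Port 80 is already redirected to the router's proxy by the dstnat rule, so
#    it reaches the input chain rather than forward; this accept only documents
#    the intent for anyone reading the rule set later.
add chain=forward action=accept protocol=tcp dst-port=80 src-address-list=SHUTOFF comment="SHUTOFF: allow HTTP (proxied)"
# 4. Everything else from SHUTOFF, regardless of protocol. The original drop
#    matched only protocol=tcp, so UDP and other IP protocols passed untouched;
#    a catch-all with no protocol matcher closes that gap.
add chain=forward action=drop src-address-list=SHUTOFF comment="SHUTOFF: drop everything else"
```

Because the proxy never sees HTTPS, customers who type an https:// address still get a failed connection rather than the notice page; only the gateway itself is reachable over 443.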

Categories
UBNT WISP xISP

Random UBNT EdgeSwitch 16 interface photos

Categories
Networking WISP xISP

Leap second to be added in 2016

http://www.space.com/33361-leap-second-2016-atomic-clocks.html

A “leap second” will be added to the world’s official clocks on Dec. 31 at 23 hours, 59 minutes and 59 seconds Coordinated Universal Time (UTC), which corresponds to 6:59:59 p.m. EST; the clocks will read 23:59:60 before ticking over to midnight. The goal is to keep two different timescales in sync with each other.

So, why is this important to you as an ISP?
The trouble is that even as they use the leap second, UNIX and Linux define a day as something that is unvarying in length. “If a leap second happens, the operating system must somehow prevent the applications from knowing that it’s going on while still handling all the business of an operating system,” says Steve Allen, a programmer with California’s Lick Observatory.
Source: http://www.wired.com/2015/01/leap-second-rattle-internet-theres-plot-kill/

Many patches and fixes have been put in place to adjust for this in most operating systems.  The concern, even a year after the last one, is software that has not been updated to account for leap seconds.

Categories
Mimosa Networking WISP xISP

Mimosa G2 first look

Scott at On-Ramp Indiana ordered a few of these, so I figured I would borrow one for a few days and do a first look and review.

Mimosa G2 Box

Nice and compact box.  I am a fan of the cover.  If this were on a store shelf I would notice it.

G2 Insert
The very first thing you see is this wireless information card. Very handy for the home user. Many of my clients throughout the years save such things, so having this on a bright card is a nice touch.  Another nice feature of this card is that it has sticky tape on the back.  You can actually peel it off and stick it somewhere.  Not everyone has a network rack, so affixing it there might not be the best bet.  We are in the day and age where there are no “telephone stations”.  The only thing I could come up with might be in a desk drawer or something like that.  I could see guests asking for the key, so you would want this handy.  Any thoughts on a good place to put this?

Information Card
On the back of the card is a very handy diagram of the 3 modes of this device.  You can use it as a Wi-Fi router. You can also use it as a repeater; in this mode it works both wired and wireless.  As with some other manufacturers, it will auto-configure itself to join the rest of the network.  It learns the configuration and away it goes.  Thirdly, there is a simple pass-through mode. This is helpful if there is another router involved.

G2 contents
The box contained the unit, a slip-on power plug, and the compliance paperwork no one reads. Thank you, lawyers.  One of the first things I noticed about this unit is the well-made feel to it.  The plastic does not feel cheap, and it feels heavy.  That is always a scientific measure, right?

G2 Ports
Mimosa has done a good job of helping the uneducated user with the use of this product.  A good example of this is the plug, which is in the PoE port.  This plug takes a little bit of effort to remove.  As you can see in the picture, it is also marked with a red label to distinguish it from the customer side.  This is so the customer doesn’t feed 48 volts to their router, laptop or whatever gets plugged in.

IMG_3553
Also, you have holes on the top and bottom for cooling.  On the side is a very easy to get to reset button. Another nod to Mimosa paying attention to common issues home users run into is a very clear sticker on the top of the unit which has the home network SSID and passphrase on it.  A user can simply walk to the unit, look down and easily read the needed information.

G2 Plug

The power plug simply slides in a groove and snaps in place.  Nice clean setup.

In closing, my first impressions of this product are positive.  Packaging and instructions are put together well and easy to understand. The product feels good and has a good number of things to address common issues. Look for part two of this for a look at how it actually works, configuration, and testing.

If you are a manufacturer and have a product you think we would be interested in reviewing please contact us.

Categories
xISP

Default vs specified config

When setting up a device, especially a network router, you often have the option to leave things “default”. What does this really mean and what effect does it have on your network?

What you are basically saying when you leave something as default is “let the router determine what to do”.

This can be a problem when the default behavior changes. This most often happens when going from one software version to another. Maybe someone determined that leaving a particular option enabled was not ideal. Maybe it caused issues, or is now being replaced by a different way of doing things.

Sometimes default configs are designed to make the product easier to configure.  This is typically true of many consumer-based devices. The company wants you to have a good experience and not have to call them for technical support.

Keep these things in mind when you see a checkbox or something that says “default”.

Categories
Data Center Networking WISP xISP

Helpful outages web-site for network admins

http://www.outages.org/

Direct from their web-site:

How to Report
By sending a tweet with any of the following hashtag/s:
#outages
#outage
#cablecut
#fibercut
#undersea

when reporting for a service outage. Once verified we will plot it on tracker.

For example: #outage #loc (street, city – location name) #start (time), followed by #back (time), and #planned or #unplanned (if it is a planned or unexpected outage).

Download the iOS/iPhone/iPad App “Ushahidi” and add http://tracker.outages.org/ to “Settings” to start reporting.
Download the Android App “Ushahidi” and add http://tracker.outages.org/ to “Settings” to start reporting.
By sending an email:
outages@outages.org
Click to View Reports

Send comments/feedback/feature requests to virendra[dot]rode[at]outages.org

Follow us on Twitter @outagesdotorg

Help spread the word!

Categories
Networking Security WISP xISP

Calea and the ISP

The Communications Assistance for Law Enforcement Act (CALEA), passed in 1994, is a piece of legislation every U.S. ISP should know about and be in compliance with, if only for the simple fact that the government can levy heavy fines if you aren’t compliant.

For those of you wanting some background please follow these links:
https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

https://www.fcc.gov/public-safety-and-homeland-security/policy-and-licensing-division/general/communications-assistance

First of all, CALEA isn’t simply sticking Wireshark onto your network and sending a packet dump to a law enforcement agency. It is much more complicated than that. There are several things which the CALEA standard addresses:

1. The ability to send multiple streams, in real time, to different law enforcement agencies.
2. The ability to not interrupt the connection of a person of interest.  In other words, you don’t want to interrupt their connection to insert a piece of hardware.
3. The ability to provide just the information on the warrant.  Too much information can actually violate the court order.
4. There is a difference between a typical “request for information” warrant and a CALEA request.  These are not the same.  CALEA requests almost always come from a federal agency, and they are expecting you to be compliant with CALEA.

Now, here is where things get a little subjective.  The FBI has https://askcalea.fbi.gov/, which is linked from the above fcc.gov web-site.  The askcalea web-site has not been updated since 2011.  The service provider login and service provider registration simply do not work. The information about CALEA is pretty outdated.

So what does this mean for you as a small ISP? Stay tuned for more information.

Categories
Mikrotik Networking UBNT WISP xISP

MTIN introduces Mnet service for Mikrotik and Ubiquiti routers

MTIN is excited to announce our newest support offering, Mnet. Mnet gives customers using Mikrotik and Ubiquiti routers the option of a tiered support level on a per-device basis. This gives customers a guaranteed support level at a fixed price. This is an enterprise-level support option for critical infrastructure.

The way Mnet works is a customer purchases one of our tiered plans below. They register the serial number with us and we simply provide the paid level of support on that device. This support includes technical support on that device as well as the services included with the purchased Tier.

Tier I (Overwatch) $199 per year (only $16 per month)
This tier is designed for the user who needs the occasional support but wants to make sure things like backups and software are being looked after.

  • Basic Remote monitoring & notification of device
  • Software notification of upgrades and personalized recommendations on needed action.
  • Monthly configurations backup to online secured storage
  • Next business day support of issues.
  • Hardware replacement option available
  • Initial configuration review

Tier II (Operator) $399 per year (only $34 per month)
This tier is for the user who needs that extra bit of help when it comes to configuration and wants an extra set of eyes.
Tier II includes all of the Tier I services and adds

  • Weekly configuration backup via e-mail and online secured storage
  • Enhanced monitoring & notification of devices
  • Same business day support (6 hour maximum lead time)
  • Weekend and holiday support (6 hour maximum lead time)
  • Discount on consulting services

Tier III (Spec Ops) $599 per year (only $50 per month)
This tier is for absolute mission critical devices.
Tier III includes all of the previous tiers and adds

  • Same day business support (2 hour maximum lead time)
  • Weekend and holiday support (3 hour maximum lead time)
  • Weekly backups of configuration via e-mail and online secured storage
  • Quarterly review and recommendations on configuration

FAQ:

Do I have to get this on every device?
No, we recommend this on your critical routers or routers doing advanced services such as BGP or core routing functions.

Does this replace your normal consulting services?
No. This is an add-on to our consulting services. We find we have customers who need help with certain aspects of their network and this fills that gap.

Can I get quantity discounts?
Yes, contact us for a quote.

I want to upgrade my router. How will this affect Mnet?
We would simply transfer your support contract from the old device to the new one. Upgrade support is included.

What configuration support is included?
Technical support including configuration and troubleshooting is included on supported devices. Other devices can be included at our normal hourly consulting rate.

Do you make changes?
All changes are explained and signed off by customer before being implemented. Changes are done during an agreed upon maintenance window with a change management process.

How do I obtain support?
Customer is provided a login to the MTIN portal. Online tickets are the best method for opening a case. Telephone support is also included, but tickets are normally quicker.

How does the lead time work?
MTIN strives to meet customer expectations. Lead times are the maximum amount of time it will take. Some days this time may be measured in minutes, other times it may be longer.

Do you cover other devices?
Yes, we have plans for AirFiber, Mimosa, and other platforms.

Can I upgrade to a higher Tier?
Yes. However, it will take 3 business days for upgrades to process. During this time your Tier level will remain the same.

How is payment handled?
Payment is due at device registration.

Can I pay monthly?
No. If you need occasional support please see about hourly consultation services.

If you would like more information please fill out the form below.